Overnight Technology

Hillicon Valley: Trump eyes staff shake-up | Amazon taps NYC, Northern Virginia for new offices | What it will mean for DC | Tech firms buck Trump on cyber pact | Defense official warns against hacking back

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig) and Ali Breland (@alibreland).

 

SHAKE-UP AT THE TOP? Rumors are afoot that top officials like chief of staff John Kelly, his former aide and now Homeland Security Secretary Kirstjen Nielsen, and John Bolton’s deputy Mira Ricardel are either on their way out — or have already been pushed out of the White House.

This shake-up — at such high levels — could have a major impact on key cyber matters.

Nielsen, a big cyber wonk, has regularly discussed the department’s cyber policies, and is well-liked and respected by experts in the field. The loss of a high-profile leader who is both knowledgeable on and dedicated to the topic would likely be felt by not just DHS staffers, but those tracking the agency’s work.

Five current and former White House officials told The Washington Post that Trump is planning to remove Nielsen as soon as possible.

But Kelly is reportedly fighting the president on the matter, hoping to keep Nielsen in place. Kelly hired Nielsen as his chief of staff while he was Homeland Security secretary and has reportedly defended her for months.

Trump has berated Nielsen in public and in private since she was hired, aggressively going after her during Cabinet meetings and mocking her in conversations with other White House officials, the Post reported.

Still, let’s not count those chickens before they hatch: Nielsen is still set for a number of public appearances this week, and a U.S. Chamber of Commerce spokesperson told The Hill today that plans are still on for her to deliver opening remarks at an event hosted by the chamber on Friday. Then again, you never know what can happen in this administration…

More on the potential shake-up here.

 

IT’S OFFICIAL: Amazon on Tuesday officially announced that it would split its “second headquarters” between New York City and Arlington, Va., after a more than yearlong search.

The announcement comes after dozens of cities tried to woo the online retail giant during the search with promises of tax breaks and other gifts. Between the two cities and the addition of a smaller office in Nashville, Tenn., Amazon will reap about $2 billion in subsidies from taxpayers.

“These two locations will allow us to attract world-class talent that will help us to continue inventing for customers for years to come,” Amazon CEO Jeff Bezos said in a statement. “The team did a great job selecting these sites, and we look forward to becoming an even bigger part of these communities.”

The move gives the Seattle-based tech giant a foothold in two major East Coast power centers. Bezos has already adopted Washington, D.C., as a second home; in recent years he has bought The Washington Post and a $23 million mansion in the Northwest D.C. neighborhood of Kalorama.

The company will be collecting more than $1.5 billion in incentives from New York and up to $550 million from Virginia, in exchange for promising at least 25,000 jobs at each of the two new offices.

The New York City office will be located in the Queens neighborhood of Long Island City. Under one tax break that New York is offering Amazon, the state will be paying $48,000 for each of the 25,000 jobs that the company is offering. Read more here.

 

Here are five ways Amazon HQ2 could affect the DC area…

We break them down here.

 

Ocasio-Cortez weighs in: Rep.-elect Alexandria Ocasio-Cortez (D-N.Y.) criticized Amazon on Monday over the news that it has picked Long Island City in Queens as the site of a new headquarters, arguing it will hurt the local community in the New York City borough.

“We’ve been getting calls and outreach from Queens residents all day about this. The community’s response? Outrage,” Ocasio-Cortez wrote in the first of a series of tweets about the development.

“Amazon is a billion-dollar company,” she wrote. “The idea that it will receive hundreds of millions of dollars in tax breaks at a time when our subway is crumbling and our communities need MORE investment, not less, is extremely concerning to residents here.” Read more here.

 

US TECH FIRMS BUCK TRUMP ON CYBER AGREEMENT: Prominent U.S. technology companies are backing an international cyber agreement that would limit the use of certain cyber weapons, even after the Trump administration declined to sign onto the non-binding declaration this week.

The United States was one of just several Western countries that chose not to sign the “Paris Call for Trust and Security in Cyberspace,” which French President Emmanuel Macron released on Monday during the Paris Peace Forum.

Despite the Trump administration withholding its support, U.S. companies like Microsoft, Facebook, and Google as well as over 100 other companies joined 51 countries in signing onto the Paris Call.

The agreement includes cyber principles that aim to limit offensive and defensive cyber weapons, including protecting civilians from cyberattacks, curbing hate speech, and deterring election interference by other foreign nations.

“Cyberattacks are being used in new ways to threaten democratic societies, and democratic societies need to respond,” Microsoft President Brad Smith wrote in a blog post. “The Paris Call represents a watershed moment, bringing together stakeholders from around the globe to protect our electoral processes, not just governments, but the leading institutions that collectively represent the fabric of the world’s democracies.”

Nicklas Lundblad, a Google vice president, echoed the support. “Strong security is the cornerstone of everything we do at Google. We support the Paris Call for Trust and Security in Cyberspace, because as security threats evolve, continuous collaboration with the industry and with governments is the best way to protect users and help create a more secure Internet for everyone,” he said in a statement.

Other organizations like Swiss Re, the U.S. Chamber of Commerce, and Cisco also embraced the agreement. Besides the United States, Australia, Turkey, and Israel did not immediately sign on to the agreement.

The deal aims to end “malicious cyber activities in peacetime” by establishing international norms. Read more here.

 

RUSSIAN MALWARE GOES AFTER CRYPTO: A new Russian malware is going after cryptocurrencies by quietly taking over a victim’s machine to mine for the digital coins.

According to a new report by McAfee Labs, the malware known as WebCobra quietly runs in the background of the server, increasing power consumption while slowing down the machine.

By sucking the power of the machines, the coin-mining malware is both hard to detect and a drain on one’s energy bill.

According to the research, it can cost from $531 to $26,170 to mine a single bitcoin.

“The increase in the value of cryptocurrencies has inspired cybercriminals to employ malware that steals machine resources to mine crypto coins without the victims’ consent,” according to the report.

 

PUBLIC INTEREST GROUPS UNVEIL PRIVACY PRINCIPLES: Internet privacy advocates are drawing a line in the sand for lawmakers as Congress begins considering a federal data privacy bill.

A coalition of 34 public interest groups on Tuesday released a set of privacy principles that they want codified in any comprehensive data bill that Congress drafts.

They say the principles are the bare minimum privacy protections any legislation should include, including giving consumers more control over data and making it easier to sue internet giants in court over violations.

It’s the result of mounting frustration for advocacy groups who say Silicon Valley has been able to regulate itself and fear the prospect of industry lobbyists writing the new law.

Various industry groups have already released their own wish lists for lawmakers in recent months to capitalize on the growing momentum for a federal privacy law.

“The companies have been sucking all of the oxygen out of the internet privacy debate for a while now,” Allie Bohm, a policy counsel with the consumer group Public Knowledge, which helped draft the proposal, told The Hill. “It’s extraordinarily important that public interest voices, that consumers, that civil rights advocates, that privacy advocates be heard in this debate.” Read more here.

 

WELL THAT CAN’T BE GOOD: A Chinese threat actor known as TEMP.Periscope is proving more sophisticated than previously believed, using tactics and technology previously displayed by Russian threat groups, according to new research by Recorded Future.

The security firm says that TEMP.Periscope employs tactics, techniques and procedures (TTPs) from Russian threat actors, making it harder to detect, deter and defend against.

“Recorded Future believes that China’s cyber espionage and operations have significantly evolved and the industry is not keeping up,” Recorded Future said in a statement. 

“While there is a general belief that China is high volume, low sophistication, and focuses on IP theft, in reality, they are utilizing commodity malware, employing VPNs and other encryption technologies for C2 and exfiltration, and now borrowing known successful techniques from other nation-state groups,” the statement continues, stating that this makes cyber incident attributions less clear.

 

YOU’RE STILL HERE? Hackers are increasingly seeking to exploit a Microsoft Windows flaw that in part contributed to the devastating WannaCry ransomware attacks, according to a new report.

Security firm Rapid7 said Tuesday there are scores of computer servers that have been impacted by the “EternalBlue” exploit.

“There are still hundreds of thousands of vulnerable and likely infected Microsoft file servers spread across the internet helping to keep this particular bane alive,” according to security firm Rapid7’s third quarter threat report released on Tuesday.

The U.S. and other nations have blamed North Korea as being behind WannaCry, which affected institutions across the globe including major European companies, the Russian Ministry of the Interior, Chinese law enforcement and many others.

 

DEMS PRESS FTC ON DECEPTIVE MARKETING AIMED AT KIDS: A trio of Democratic senators is pushing for the Federal Trade Commission to probe manipulative advertising practices on phone apps aimed at children.

“The FTC has a statutory obligation to protect consumers from unfair and deceptive advertising practices. That responsibility is all the more urgent when the potential victims of such practices are children,” Sens. Edward Markey (D-Conn.), Tom Udall (D-N.M.) and Richard Blumenthal (D-Conn.) wrote in their letter to FTC Commissioners.

“As parents increasingly permit kids to engage in online games and apps for entertainment and fun, it is imperative to ensure that these playtime options are compliant with existing laws,” they continued. Read more here.

 

HMM, MAYBE NOT: A top cyber official at the Defense Department on Tuesday urged companies to refrain from “hacking back” when they are the victim of a cyberattack, saying it could negatively affect the already unclear rules of engagement in cyberspace.

Edwin Wilson, the deputy assistant secretary of defense for cyber policy, said at a Foundation for Defense of Democracies event that “industry, private citizens should have the ability to defend themselves.”

But he cautioned that there is a “unique nature in cyberspace in regards to offensive activity,” such as a company using cyber methods to retaliate against hackers who target their networks.

Wilson said that while there are some established norms for behavior in cyberspace, like the United Nations cyber agreements whose signatories include the United States, industries carrying out offensive attacks could be a “destabilizing influence.”

The concept of “hacking back” has gained steam in recent months. Sen. Sheldon Whitehouse (D-R.I.) said during a congressional hearing earlier this year that Congress should allow companies to retaliate against cyberattacks. Read more about it here.

 

DOJ DENIES TRUMP INFLUENCE IN COMCAST PROBE: The Department of Justice’s assistant attorney general for antitrust, Makan Delrahim, said Tuesday that evidence drove the DOJ’s antitrust probe of Comcast, not outside political pressure.

“As far as what we do in our enforcement — we need the evidence, we need the economics, [before] we go to court,” said Delrahim, when asked during an appearance on CNBC about the president’s personal criticism of companies including Comcast and Amazon.

“Politics that goes on between various aspects of the government don’t affect our decisions to make these cases.”

The DOJ is in the midst of an investigation into Comcast on behalf of a group representing small cable providers.

Trump tweeted out his support for the probe Monday. Read more here.

 

AN OP-ED TO CHEW ON: CIA operations in Iran, China compromised for years because of hubris and a Google search.

 

A LIGHTER CLICK: Sure, why not.

 

NOTABLE LINKS FROM AROUND THE WEB:

Top Judiciary Dem presses FBI, DOJ to fulfill backlog of oversight requests before next Congress. (The Hill)

Elizabeth Denham: ‘Will there be other Cambridge Analyticas out there? I suspect there will.’ (Telegraph)

Inside Magecart: A Flashpoint and RiskIQ joint report.

Amazon’s HQ2 will benefit from New York City. But what does New York get? (New York Times)

Physicist wins $3 million prize for discovering pulsars, donates it all to promoting diversity in STEM (Motherboard)

Newsrooms transform to cover the 21st century. (Axios)